Filtered by vendor Redhat
Filtered by product Red Hat 3scale Amp
Total 4 CVE
| CVE | Vendors (count) | Products (count) | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2023-5349 | Fedoraproject, Redhat, Rmagick (3) | Fedora, Red Hat 3scale Amp, Rmagick (3) | 2024-08-29 | 5.3 Medium | A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DoS) by memory exhaustion. |
| CVE-2024-0560 | Redhat (1) | Red Hat 3scale Amp (1) | 2024-08-28 | 6.3 Medium | A vulnerability was found in 3Scale when used with Keycloak 15 (or RHSSO 7.5.0) and later. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but that field was removed in RH-SSO 7.5. As a result, the policy doesn't inspect tokens; it determines that all tokens are valid. |
| CVE-2023-4910 | Redhat (1) | 3scale Api Management, Red Hat 3scale Amp (2) | 2024-08-20 | 5.5 Medium | A flaw was found in the 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache. |
| CVE-2023-0456 | Redhat (1) | Apicast, Red Hat 3scale Amp (2) | 2024-08-02 | 7.4 High | A flaw was found in APICast, where 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information. |